[307] in linux-security and linux-alert archive
Re: write does not clear suids bit
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Thu Aug 3 05:43:02 1995
From: okir@monad.swb.de (Olaf Kirch)
To: aleph1@dfw.net (Aleph One)
Date: Thu, 3 Aug 1995 10:08:55 +0200 (MET DST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SUN.3.90.950802192729.9310A-100000@dfw.net> from "Aleph One" at Aug 2, 95 07:32:46 pm
-----BEGIN PGP SIGNED MESSAGE-----
Hello all,
This problem pops up when the user writes a file that belongs to someone
else. The test in inode_change_ok will reject the chmod attempt, and
therefore notify_change will return -EPERM instead of clearing the
mode bits.
A quick'n'very-dirty fix may be to do something like this:
/*
* If data has been written to the file, remove the setuid and
* the setgid bits
*/
if (written > 0 && !suser() && (inode->i_mode & (S_ISUID | S_ISGID))) {
struct iattr newattrs;
+ uid_t fsuid = current->fsuid;
+
newattrs.ia_mode = inode->i_mode & ~(S_ISUID | S_ISGID);
newattrs.ia_valid = ATTR_MODE;
+ current->fsuid = inode->i_uid;
notify_change(inode, &newattrs);
+ current->fsuid = fsuid;
}
return written;
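Review bot: the result of notify_change(inode, &newattrs) is still discarded after the fsuid swap, so if the call fails for any other reason the write returns written with the setuid/setgid bits left set; capture the return value and handle or at least log a failure. Separately, assigning current->fsuid = inode->i_uid makes every fsuid-based check reached inside notify_change run as the file's owner, which is broader than the single ownership test being worked around. A comment at that assignment saying the impersonation is deliberate and is undone by current->fsuid = fsuid, or a path that clears the bits without going through the caller-permission check at all, would make this safer to maintain.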
The best fix around is definitely not to have world-writable setuid files
at all and leave the rest to Linus:-)
Olaf
- --
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.